Releases: cortexkit/anthropic-auth
Releases · cortexkit/anthropic-auth
Release list
v1.13.0
Highlights
- Added Anthropic model-scoped OAuth quota support for weekly limits such as Fable, including OpenCode sidebar/quota display and model-aware OAuth fallback routing. Fable quota exhaustion can route Fable requests to a fallback OAuth account while other models continue using main.
- Added the same scoped OAuth fallback behavior for Pi.
- Added scoped killswitch thresholds so matching model-scoped quota windows can hard-block an account without affecting other models.
- Fixed same-label fallback OAuth re-login state merging so fresh credentials clear stale reauth/quota errors and invalidate old quota cache entries.
- CacheKeep now tracks OAuth fallback routes and prewarms with the same OAuth account that served the cached request.
- Shortened the Fable sidebar quota label to
Faand preserved scoped killswitch thresholds in the OpenCode TUI edit modal.
Thanks to @iceteaSA for the scoped killswitch contribution.
Full Changelog: v1.12.2...v1.13.0
v1.12.2
What's changed
- Updated OpenCode dependencies to
@opencode-ai/pluginand@opencode-ai/sdk1.17.13. - Updated Pi peer dependencies to
0.80.3together, keeping the Pi package set in sync. - Updated development/runtime test tooling, including Biome
2.5.2and Miniflare4.20260630.0. - Refreshed the Bun lockfile and validated the packages after the dependency batch.
Verification
- Release workflow passed, including typecheck, build, tests, format, lint, and e2e.
- All three npm packages published at
1.12.2with matching git head.
v1.12.1
What's changed
- Claude Sonnet 5 requests now opt into visible summarized adaptive thinking in OpenCode and Pi.
- OpenCode preserves explicit
thinking: { type: "disabled" }requests and canonicalizes that shape so Anthropic accepts it. - Pi maps Sonnet 5 reasoning effort through the adaptive-thinking request shape, matching the model family's API contract.
Thanks to @iceteaSA for the fix in PR #100.
Verification
- Release workflow passed, including typecheck, build, tests, format, lint, and e2e.
- All three npm packages published at
1.12.1with matching git head.
v1.12.0
What's changed
- OpenCode slash commands handled by this plugin now use an Effect-compatible
204 No Contentresponse shape. - This matches OpenCode's current command interception path and avoids logging handled
/claude-*commands as plugin errors. - The legacy sentinel message remains in place for older host behavior.
Verification
- Release workflow passed, including typecheck, build, tests, format, lint, and e2e.
- All three npm packages published at
1.12.0with matching git head.
v1.11.0
What's changed
- Added interactive account-management and logging flows for OpenCode and Pi, including fallback account list/enable/disable/reorder/remove actions, API-key route setup, OAuth fallback login helpers, and persisted log-level settings.
- Added shared leveled redacting rotating logging, CacheKeep per-warm cost logging, and an opt-in CacheKeep subagent toggle.
- Hardened account storage and refresh coordination with serialized account-store updates, stale-lock re-election fixes, safer atomic writes, malformed sidebar-state guards, RPC multi-session isolation, and runtime-state loading when the editable config file is absent.
- Improved account cleanup and re-login UX by clearing removed fallback runtime state, showing dead fallback accounts that need re-login, and preserving clearer OAuth account labels.
- Treated Claude quota endpoint
403responses as account/org-policy auth failures without arming quota backoff or OAuth refresh backoff. - Updated OpenCode, OpenTUI, Pi, Miniflare, Biome, GitHub Actions, and related development dependencies.
Thanks to @iceteaSA for the account/logging parity work and account-management fixes, @jonmast for the runtime-state load fix, and @eddieparc for reporting and proposing the quota 403 backoff boundary fix.
v1.10.3
v1.10.3
Patch release focused on fallback routing reliability and dependency maintenance.
- Fixed
fallback-firstrouting so a usable fallback account stays routable while another process is refreshing its quota, instead of falling through to a broken primary OAuth refresh backoff. - Hardened the OpenCode TUI preferences watcher against temporarily overridden global timers.
- Updated Biome to 2.5.0.
Packages published:
@cortexkit/anthropic-auth-core@1.10.3@cortexkit/opencode-anthropic-auth@1.10.3@cortexkit/pi-anthropic-auth@1.10.3
v1.10.2
Fixes
- Fixed OpenCode
ReadableStream is lockedfailures after Anthropic streaming rate-limit errors when no fallback route can serve the request. - The plugin now returns a replayable inspected response instead of reusing the consumed response body after stream inspection.
Published packages
@cortexkit/anthropic-auth-core@1.10.2@cortexkit/opencode-anthropic-auth@1.10.2@cortexkit/pi-anthropic-auth@1.10.2
Full changelog: v1.10.1...v1.10.2
v1.10.1
Fixes
- Stabilized
/claude-cache hybridsystem cache anchors when OpenCode leaves plugin-added system instructions split across multiple system blocks. - The plugin now canonicalizes the post-identity system tail before placing the Anthropic cache breakpoint, preserving cache reuse when the underlying system text is identical but block boundaries drift.
Published packages
@cortexkit/anthropic-auth-core@1.10.1@cortexkit/opencode-anthropic-auth@1.10.1@cortexkit/pi-anthropic-auth@1.10.1
Full changelog: v1.10.0...v1.10.1
v1.10.0
Highlights
- Added interactive OpenCode TUI command dialogs for Anthropic auth actions, contributed by @iceteaSA in #76. The sidebar can now open modal flows backed by a localhost-only authenticated RPC bridge instead of relying only on text command replies.
Fixes
- Mark transient Anthropic SSE server errors inside HTTP 200 streams as retryable connection-reset-style failures, so OpenCode can use its normal auto-retry flow instead of surfacing them as non-retryable unknown errors.
Published packages
@cortexkit/anthropic-auth-core@1.10.0@cortexkit/opencode-anthropic-auth@1.10.0@cortexkit/pi-anthropic-auth@1.10.0
Full changelog: v1.9.4...v1.10.0
v1.9.4
v1.9.4
Patch release for Claude Code request-fingerprint parity.
Fixes
- Align Claude OAuth requests with captured Claude Code 2.1.177 interactive CLI traffic, including the CLI identity string, user agent, beta header ordering, and billing header
cc_entrypoint=cli. - Remove unavailable
context-1mandeffortbetas from Claude Code OAuth requests. - Add the captured thinking token count beta while continuing to omit redacted thinking by design.
- Match captured OAuth login and refresh details more closely with the updated axios-style user agent, accept header, refresh scope, and Claude Max authorize URL.
- Isolate OpenCode provider model tests from the user's real local config.
Thanks to @iceteaSA for the Claude Code MITM capture and fingerprint alignment work.
Full Changelog: v1.9.3...v1.9.4